Privacy Policy Statement

Effective Date: 07/26/2024

Your privacy is important to Ease, Inc (collectively, ‘Ease’, ‘we’, ‘us’, or ‘our’). This Privacy Policy Statement (“Statement”) discloses the information practices for Ease’s Web sites, from what type of information about our Web sites’ users are gathered and tracked, to how the information is used, shared or otherwise processed offline. It also describes how cookies, web beacons and other technologies may be used in our Software-as-a-Service (“SaaS”) offerings and software products. This Statement applies to Ease Web sites that link to this Statement but does not apply to those Ease Web sites that have their own Privacy Policy Statement. From time to time, we may supplement this Statement with additional information relating to a particular interaction we have with you.

As a supplement to Ease’s obligations under GDPR, Ease additionally participates in the Data Privacy Framework Program as designed by the U.S. Department of Commerce, the European Commission, the UK Government and Swiss Federal Administration (the “DPF”), and hereby declares our commitment to comply with the DPF. Ease is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In compliance with the DPF, Ease commits to resolve complaints about our collection or use of your personal information. You may submit inquiries or complaints regarding PPF compliance to:

By Mail:

Ease, Inc.
ATTN: Privacy and Data Protection
1403 N El Camino Real
San Clemente, CA 92672
USA

Under the DPF guidelines, you may, under certain conditions, invoke binding arbitration as a means of dispute resolution. You may also submit complaints through the U.S. Department of Commerce DPF program website using the following link: https://www.dataprivacyframework.gov/s/assistance

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to access such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. As required under the General Data Protection Regulation (GDPR), we will report any applicable breaches to you or any appropriate authorities. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If you have any questions or concerns about your data usage, please contact us. Our website may include links to third party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Information we may collect

Personal Information that Customers Upload Into Ease’s SaaS Offerings
Ease (‘the company’) is a service provider to businesses; the company provides Software-as-a-Service cloud applications and services platforms (“SaaS Offerings”), such as EASE Audits. Under applicable data protection laws, Ease’s customers are the controllers/database owners/responsible parties with respect to the personal data uploaded into the SaaS Offerings, and Ease is a processor/operator for its customers.

Ease processes the personal information that customers may upload into the Cloud Services only at the direction of the customer – to provide the Cloud Services to its customer, and to comply with applicable legal requirements. Ease does not have a direct relationship with the individuals whose personal information customers upload into the Cloud Services. Accordingly, we require our business customers, by contract, to comply with applicable data protection requirements, including to provide notice regarding customers’ data processing activities.

Personal Data We Collect in Connection with Ease’s Websites and Mobile Applications
In addition to the personal data that our customers upload into the SaaS Offerings, we collect personal data in connection with the use of our websites and mobile applications. The types of personal data that we may collect in connection with your use of our websites and mobile applications may include:

  • Business contact information, such as your name, job title and employer name, email address, mailing address, and phone number, including administrative employee contact information provided by our Cloud Services customers
  • The username that you may create for an account you establish on our websites or mobile applications
  • Your comments and testimonials

The information that may be collected by automated means includes:

  • Precise location information of users of our mobile applications
  • Details about the devices that are used to access our websites or mobile applications (such as the IP address, unique device identifier, and type of operating system and web browser)
  • Dates and times of visits to, and use of, our websites and mobile applications
  • Information about how our websites and mobile applications are used (such as the content that is viewed on our websites and how users navigate between our webpages, or the features of our mobile applications that are used and how users navigate between screens on our mobile applications)
  • URLs that refer visitors to our websites
  • Search terms used to reach our websites or locate our mobile applications

Choosing Not to Share Your Personal Data
Where we are required by law to collect your personal data, or where we need your personal data in order to provide you with information or process your registration on our websites and mobile applications or requests, we may not be able to provide you with such services if you do not provide this data when requested (or later ask to delete it).

Cookies and Similar Technologies

What are cookies?
We may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on our Sites.

Cookies We Use
Our Sites use the following types of cookies for the purposes set out below:

Disabling Cookies
You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided in your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.

If you do not accept our cookies, you may experience issues in your use of our Sites and Services. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our Sites.

Pixel Tags
We may also use pixel tags (which are also known as web beacons and clear GIFs) on our Sites to track the actions of users on our Sites. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages. Pixel tags measure the success of our marketing campaigns and compile statistics about usage of the Sites, so that we can manage our content more effectively. The information we collect using pixel tags is not linked to our users’ personal data.

Do-Not-Track
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time. Please see the “Your Rights and Choices” section below for information about how you may opt out of, or limit the use of, your browsing behavior for online behavioral advertising purposes.

Information From Social Networking Sites
Our Sites may include interfaces that allow you to connect with social networking sites (each a “SNS”). If you connect to a SNS through our Sites you authorize us to access, use and store the information that you agreed the SNS could provide to us based on your settings on that SNS. We will access, use and store that information in accordance with this Privacy Policy. You can revoke our future access to the information you provide to us through an SNS at any time by amending the appropriate settings within your account settings on the applicable SNS.

How We Use The Personal Data We Collect
We use the personal data that customers upload into the Cloud Services only as directed by the customers and to comply with applicable legal requirements.

In addition, we may use other personal data we collect to:

  • Facilitate of the provision of the SaaS Offerings and related purposes, including security and audits
  • Establish and maintain user accounts on our websites or mobile applications
  • Communicate with you about the products and services, and respond to your requests, inquiries, comments, and suggestions
  • Operate, evaluate and improve our business, our websites and mobile applications, or communications strategies, and the products and services we offer (including to develop new products and services)
  • Enable you to share information via your social network accounts
  • Comply with legal requirements, judicial process, and our company policies (including to verify users’ identity in connection with access or correction requests)
  • Protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites, mobile applications, and the Cloud Services), and claims and other liabilities, including by enforcing the terms and conditions that may apply to your use of our websites, mobile applications, or Cloud Services

Legal Bases for Processing

If you reside in the European Union (“EU”), we are required to inform you of the legal bases of our processing of your personal data on our Sites, which are described in the table below.

Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).

Collection and use of information

Personal Data We Share
We share the personal data that customers upload into the Cloud Services as directed by the customers and to comply with applicable legal requirements.

We may share data regarding business customers’ personnel’s use of the Cloud Services, our websites and mobile applications with the relevant customers.

We may share data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We may share data with third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;

We may share data with courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights. We may share the data we collect with our service providers that perform services on our behalf for the purposes described in this Privacy Policy. We contractually require these service providers to use or disclose the personal data only as necessary to perform services on our behalf or comply with legal requirements.

If you choose to comment on an article via our blog, we may display your name publicly along with your comment. Any personal data you provide or post in connection with our blog will not be regarded as confidential and may be made publicly available on the Internet and indexed by search engines.

We may post a customer testimonial on our website, with the customer’s prior consent.

Unless prohibited by applicable law, we reserve the right to transfer the data we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient to use your personal data in a manner that is consistent with this Privacy Policy. After such a sale or transfer, you may contact the recipient with any inquiries concerning the processing of your personal data.

We may share personal data to comply with legal requirements (e.g., to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements). We may also share your personal data to protect against and prevent fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications) and claims and other liabilities.

Data Retention
We do not retain personal data for longer than necessary for the purposes for which the data was obtained or to comply with legal requirements. We retain personal data that we possess in connection with the SaaS Offerings as directed by the relevant customer and as required by law.

Your Rights and Choices
Regardless of where you reside, you can submit privacy inquiries and requests by email to support@ease.io or to our postal address provided below regarding personal data other than which our customers uploads into the Cloud Services. You may request that we take the following actions in relation to your personal data:

  • Access. Provide you with information about our processing of your personal data and give you access to your personal data. We will provide you with a copy of the personal data we maintain about you in the ordinary course of business, to the extent the personal data is not available via our websites or mobile applications.
  • Correct. Update or correct inaccuracies in your personal data. You may request to correct any errors in your personal data as further explained in the “how to Contact Us” section of this Privacy Notice.
  • Delete. Delete your personal data.
  • Transfer. Transfer a machine-readable copy of your personal data to you or a third party of your choice.
  • Restrict. Restrict the processing of your personal data.
  • Object. Object to our legitimate interests as the basis of our processing of your personal data.

We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you reside in the EU and would like to submit a complaint about our use of your personal data or response to your requests regarding your personal data, you may contact us or submit a complaint to the data protection regulatory authority in your country.

You may unsubscribe from receiving marketing emails from Ease by clicking the “unsubscribe” link in the footer of the message. Even if you unsubscribe, we may still send information such as administrative emails which pertain to the websites, mobile applications, or Cloud Services.

You may request removal of your personal information from our blog, customer testimonials, or other public portions of our websites, by contacting us at marketing@ease.io In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

You may prevent us from automatically collecting your location information by disabling location services on your mobile device; or, if the option is available on your mobile device, by configuring your mobile device not to allow your mobile application to collect location information.

The business partners that collect information about your activities on our websites and in our mobile applications may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. European users may opt out of receiving targeted advertising through members of the European Interactive Digital Advertising Alliance by clicking here, selecting your country, and then clicking “Choices” (or similarly-titled link). Accordingly, you may manage Flash cookies here.

If your employer is a customer of the EASE Audits (SaaS) Cloud Services and provides your personal information to Ease to authorize you to use the Cloud Services, please contact your employer to exercise any legal rights that may apply. If you exercise applicable legal rights through your employer, we will work with your employer to respond to your request.

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to: Request access to your personal data; Request correction of your personal data; Request erasure of your personal data; Object to processing of your personal data; Request restriction of processing your personal data; Request transfer of your personal data; and the Right to withdraw consent. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Liability for Onward Transfers

Ease complies with GDPR regarding accountability for onward transfers. Ease remains liable under GDPR if its onward transfer recipients process Personal Data in a manner inconsistent with GDPR, unless Ease proves that it was not responsible for the event giving rise to the damage.

International Data Transfers
The Ease SaaS Offerings are hosted in the United States, and we provide the Ease SaaS Offerings from the United States. If you use the Ease SaaS Offerings from the European Economic Area (“EEA”) or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer your Personal Information to countries other than the country where you are located, including to the United States.

By providing your Personal Information, you consent to the transfer of your Personal Information to the United States and to other world regions, and the use of your Personal Information in accordance with this Privacy Policy.

How We Protect Personal Information
Ease implements reasonable physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure. For example, we utilize encrypted connectivity for transfer of sensitive personal information over the Internet. We also require that our suppliers protect such information from unauthorized access, use and disclosure. However, no system or transmission of data over the Internet, or any storage of data, can be guaranteed to be 100% secure.

Links To Websites And Third-Party Content
For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by Ease. The websites and third-party content to which we link may have separate privacy notices or policies. Ease is not responsible for the privacy practices of any entity that it does not own or control.

Additional Disclosures for California Residents

These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights.

Notice of Collection
In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA: Identifiers, including name, alias, postal address, email address, phone number, account name, IP address, and other similar identifiers. Demographic information, including your age and gender. Commercial information, including purchases and engagement with Ease.

Right to Know and Delete
If you are a California resident, you have the rights to delete the personal information we have collected from you and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific pieces of personal information we have collected about you.

To exercise any of these rights, call our toll-free number at +1 (855) 880-8327 and select Option 2 to leave us a message. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

Right to Opt-Out
To the extent Ease sells your personal information as the term “sell” is defined under the CCPA, you have the right to opt-out of the sale of your personal information by us to third parties at any time. You may submit a request to opt-out through our toll-free number at +1 (855) 880-8327 and select Option 2 to leave us a message.

Authorized Agent
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

Right to Non-Discrimination 
You have the right not to receive discriminatory treatment by us for the exercise of any your rights.

Minors
We do not knowingly “sell” the personal information of minors under 16 years old who are California residents without their affirmative authorization.

Shine the Light
Customers who are residents of California have the right to request a disclosure describing the categories of personal information we have shared with third parties for their direct marketing purposes, and with whom we have shared it, during the preceding calendar year. You may request a copy of that disclosure by contacting us as set out in the “Contact Us” section above and specifying that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

Additional Disclosures for Nevada Residents

Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at support@ease.io.

Additional Disclosures Regarding DPF
Ease complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Ease has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Ease has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The Federal Trade Commission has jurisdiction over Ease’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Your rights and controlling your personal information

GDPR Compliance
At Ease Inc., we are committed to ensuring the privacy and protection of our customers’ personal data. We comply with the General Data Protection Regulation (GDPR) and have implemented comprehensive measures to safeguard personal data and uphold the rights of data subjects. Below, we outline our GDPR compliance practices.

Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and in a transparent manner. We inform data subjects about how their data will be used at the point of data collection and ensure that their data is only used for legitimate purposes.

Choice and Consent
By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this privacy policy. If you are under 16 years of age, you must have, and warrant to the extent permitted by law to us, that you have your parent or legal guardian’s permission to access and use the website and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this website or the products and/or services offered on or through it.

Information from Third Parties
If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Purpose Limitation
Personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner that is incompatible with those purposes. We ensure that all processing activities align with the purposes initially communicated to the data subjects.

Data Minimization
We only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We regularly review our data collection practices to ensure we are not collecting excessive information.

Accuracy
We take all reasonable steps to ensure that the personal data we hold is accurate and, where necessary, kept up to date. Data subjects can request corrections to their personal data if they believe it is inaccurate or incomplete.

Storage Limitation
Personal data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. We implement data retention policies and regularly review the personal data we hold, deleting information that is no longer needed.

Integrity and Confidentiality
We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. We use a variety of security technologies and procedures to help protect personal data.

Accountability
We take responsibility for our compliance with GDPR and are able to demonstrate this compliance. We maintain records of our processing activities and conduct regular audits to ensure our practices meet GDPR requirements.

Restrict
You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.

Notification of Data Breaches
We will comply laws applicable to us in respect of any data breach.

Complaints
If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Unsubscribe
To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Data Portability
Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format. We ensure that data subjects can easily transfer their personal data to another controller upon request. Our process for data portability includes:

  • Format Provision: Providing data in commonly used formats like CSV or JSON.
  • Secure Transfer: Ensuring that the data transfer process is secure and protects the data from unauthorized access.

Data Deletion and Destruction
We are committed to securely and permanently deleting personal data upon request or when it is no longer needed. Our data deletion practices include:

  • Customer Requests for Data Deletion: Customers can request the deletion of their data at any time by contacting us via email or through specified methods. We verify the identity of the requester to ensure the legitimacy of the request.
  • Processing Data Deletion Requests: Upon receiving a verified request, we promptly initiate the deletion process and complete it within 30 days, unless a longer retention period is required by law or necessary for legitimate business purposes.

Data Deletion Methods

  • Amazon S3: Utilize AWS S3 bucket policies and lifecycle rules to automatically delete or archive customer data based on predefined retention periods.
  • RDS MySQL: Execute SQL commands to delete customer data from databases and ensure that backups and replicas do not retain deleted data beyond necessary periods.
  • Secure Deletion: Employ industry-standard techniques, including secure erase for digital data and physical destruction for physical media, to ensure that deleted data cannot be recovered.

Verification and Documentation

  • Logging: Maintain detailed logs of data deletion activities, including timestamps, the scope of deletion, and the methods used.
  • Verification: Provide customers with confirmation of data deletion upon completion of their request.
  • Retention: Retain deletion records in accordance with Ease Inc.’s data retention policy for auditing and compliance purposes.
  • Media Destruction: Employ appropriate destruction methods for various media types, including cross-cut shredding for paper and optical media, and secure erasure for digital media.
  • Compliance and Accountability
    Ease Inc. is committed to complying with all relevant data protection regulations, including GDPR, CCPA, and other applicable laws. We regularly review and update our data deletion procedures to align with changes in regulations and best practices. We also ensure that all staff members are trained on data protection and privacy policies to maintain high standards of compliance.

Changes to our Privacy Policy

When we update this Privacy Policy, we will take reasonable steps to notify you of changes that are deemed material under applicable legal requirements by posting a notice and the new Privacy Policy on or within our website or mobile applications or provide other notification as required by applicable law. We may also notify you of changes to the Privacy Policy in other ways, such as via email or other contact information you have provided.

If we make a significant change to this privacy policy, for example changing a lawful basis on which we process your personal information, we will ask you to re-consent to the amended privacy policy.

How To Contact Us
You may contact us with questions, comments, or complaints about this Privacy Notice or our privacy practices, or to request access to or correction of your information. Our contact information is as follows:

By Mail:

Ease, Inc.
ATTN: Privacy and Data Protection
1403 N El Camino Real
San Clemente, CA 92672
USA